Hi,from what I've seen in the sources and documentation a default and pre-generated prime will be used as default (unless appended to the certificate). HAProxy uses the related functions provided by OpenSSL itself (get_rfc3526_prime_2048, ...). What I miss here is an option to specify my own dhparams file to avoid using those pre-generated ones and/ore appending some to all certificates. Wouldn't it make sense to allow it to be read from a file, globally?
-- Regards, Christian Ruppert
